Android security mystery – ‘fake’ cellphone towers found in U.S.

[There have been many comments to this story from people who are assuming that these ‘towers’ are physical installations. There’s no reason to assume this is the case: it’s far likelier that they are mobile installations of the kind used not only by law enforcement and government agencies, but also by scammers and other criminals. (David Harley)]

Seventeen mysterious cellphone towers have been found in America which look like ordinary towers, and can only be identified by a heavily customized handset built for Android security – but have a much more malicious purpose, according to Popular Science.

The fake ‘towers’ – computers which wirelessly attack cellphones via the “baseband” chips built to allow them to communicate with their networks, can eavesdrop and even install spyware, ESD claims. They are a known technology – but the surprise is that they are in active use.

The towers were found by users of the CryptoPhone 500, one of several ultra-secure handsets that have come to market in the last couple of years, after an executive noticed his handset was “leaking” data regularly.

Android Security: Towers throughout the US

Despite its secure OS, Les Goldsmith of the handset’s US manufacturer ESD found that his personal Android security handset’s firewall showed signs of attack “80 to 90” times per hour.

The leaks were traced to the mysterious towers. Despite having some of the functions of normal cellphone towers, Goldsmith says their function is rather different. He describes them as “interceptors” and says that various models can eavesdrop and even push spyware to devices. Normal cellphones cannot detect them – only specialized hardware such as ESD’s Android security handsets.

Who created the towers and maintains them is unknown, Goldsmith says.

Origin of towers ‘unknown’

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says. “One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one at South Point Casino in Las Vegas.” [Editor’s note: Goldsmith has asked us to stress that the tower was actually in the vicinity of the casino, not within the casino itself.]

Their existence can only be seen on specialized devices, such as the custom Android security OS used by Cryptophone, which includes various security features – including “baseband attack detection.”

The handset, based on a Samsung Galaxy SIII, is described as offering, a “Hardened Android operating system” offering extra security. “Baseband firewall protects against over-the-air attacks with constant monitoring of baseband processor activity, baseband attack detection, and automated initiation of countermeasures”, claims the site.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith. “Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.”

Baseband attacks are considered extremely difficult – the details of the chips are closely guarded. “Interceptors” are costly devices – and hacking baseband chips is thought to be technically advanced beyond the reach of “ordinary” hackers, ESD says. The devices vary in form, and are sold to government agencies and others, but are computers with specialized software designed to defeat the encryption of cellphone networks. The towers target the “Baseband” operating system of cellphones – a secondary OS which sits “between” iOS or Android, for instance, and the cellular network.

Goldsmith says that the devices cost “less than $100,000” and does not mention what level or type of device his team has detected. Most are still out of reach of average hackers, although freely advertised. One model is the VME Dominator, which is described as, “a real time GSM A5.1 cell phone interceptor. It cannot be detected. It allows interception of voice and text. It also allows voice manipulation, up or down channel blocking, text intercept and modification, calling & sending text on behalf of the user, and directional finding of a user during random monitoring of calls.”

What has come as a surprise is how many “interceptors” are in active use in the U.S., and that their purpose remains mysterious.

Like Iran, things are tightly controlled around here. Makes you wonder if like Iran they are trying to keep the truth out.

John Doe

Obviously it’s the NSA or some such.

jutholmes

They’re on military bases? Real hard problem, sherlock. They’re owned by the fucking US government. They’re probably all part of anti-terrorist activities. The NSA probably uses them.

Liam

What if it were someone eavesdropping on military base communication? Not as clear cut as it seems, Mr. Watson

majestic whine

‘anti-terrorist’ activities. Bless.

Kyle Hamilton

The devices are called “Stingray”, and they’re used by law enforcement. NSA/DHS maintain they have legal right to install malware on every device in US, regardless of who owns it, based on their secret selection criteria. The PATRIOT Act allows federal law enforcement to delegate access to these devices, and have done so to several states which now have court decisions on the books allowing them to be used to monitor absolutely everyone within their range without a warrant.

We are living in the turnkey totalitarian surveillance nation-state.

robb32

hard to hack a phone that isn’t on..or someone that doesn’t HAVE one

RamsE39_E38

CMOS batteries, even when your phone is off it still sends out a GPS signal. Had to trace a phone once after a guy shot his wife in the face..

Sophia Keenesburg

cmos battery last for how many hours … sending out GPS signals???

Michael Richards

GPS specifically, or communication with cell phone towers (or both)?

Caption Oblivious

even when the battery is removed it is still possible to trace a phone these days.

Edumacated2

No it isn’t. The GPS receiver needs power to receive and communicate its coordinates. I work in Emergency Services and we cannot get the signal when the phone is off. Also, I used to work as an EE and you cannot get a device to work without power. The RFID chips get power via microwave and have a very short range to transmit their ID code, think in feet.

Caption Oblivious

who is this “we” you speak of?

new phones have micro-cmos batteries directly on the mother boards. just enough juice to keep big brother all lubed up…..

Cellular Tech Guy

Bullshit.

It’s clear that you don’t know how the “GPS tracking” on cellphones actually works.

tinkertronix

believe your own comfy lil thoughts if you want or you can face the facts, just find your old android in a junk drawer and jewelers tools and see for yourself, I fix and replace cellphone parts as a hobby and they are all equipped now days with CMOS batteries just like a motherboard on a laptop or PC…. Just how do you think GPRS is supposed to function without power… the whole point of replacing GPS with GPRS “was, originally intended for” locating falling or MIA troops…. EVEN IF THE POWER SUPPLY IS DEAD….

RamsE39_E38

You ever try to turn on your phone that has died, see the screen light up with the dead battery signal?? It can produce this dead battery screen for a very long time. The phone says the battery is dead, but it isn’t truly “dead” yet. There just isn’t enough life left to power to run the screen, speakers, keys just unable to power the screen, light up the keys etc.. That is how a phone can EASILY continue to transmit GPS signal to a tower.

P.S. Emergency services IE law enforcement calls US when they need someone found, you only work in emergency services, it isn’t deemed necessary for you to have that kind of power, let alone access to the network. I wish I could take a picture of my screen right now so I could show you red dot on the map that shows where im at right now (with my phone off)

Edumacated2

You are only seeing your last known location. Yes, we call the carrier for location. If the phone is off all they can give us is the last known location. Try it for yourself as I have no reason to believe that the carriers are lying to us. Turn your phone off, leave it off and take it to another place at least 1 mile away. Then check location. According to what the carriers have told us, you will see the location of where the phone was when it turned off.

GoingKnightly

FYI, Apple boasts about their Find My iPhone feature being able to send out a ‘last gasp’ GPS, even when the battery is dead or removed. There IS a small charge left in the phone.

ashirviskas

That’s bullshit. When a smartphone is powered off, it is powered off. No wireless signals are being broadcasted. Only some old dumb phones had feature, which enabled getting sms while they were “powered off”, while in reality they weren’t, they just “pretended” to be off, their baseband chips were still working. I don’t believe you. Prove what you just said or I call this bullshit.

Yty

Wrap the phone in tinfoil….. ;)

Caption Oblivious

have you ever read the telecommunications act of 1996? this is all required in that law. yes you can be traced by a powered off cell phone. also new phones still track you even if you remove the battery.

this has been mainstream news for years now.

RamsE39_E38

I prefer to not lose my job and get sued for releasing specifics to a random person that doubts me online. So call BS all you like, I only work at the Engineering HQ (1 of 2) that overlooks the entire western half of the United States’ wireless services. :shrug: What do i know right?

Fred

First…I don’t know what you mean by a “CMOS battery”? Do you mean a backup battery that retains CMOS memory? If so, they only supply (IF they are even in the phone…most non-volatile data is stored on flash these days) uAs of current…not enough to run the RF section….which bursts @ hundreds of mAs…1000 times higher. Second…GPS DOES NOT SEND DATA….it receives only. This tells me you know not what you are talking about. AND Caption Oblivious claiming that a phone is still traceable without a battery….stupid. He must know of a way to produce free energy out of nothing. Maybe he has mice running around a wheel…in his phone. There is a possibility of RF energy harvesting…but not in a phone…at this time.

Caption Oblivious

micobatteries installed directly on the motherboard.

RamsE39_E38

yes, this is exactly what I was trying to say.

Caption Oblivious

that is just the tip of the ice berg. There are many other goodies that the are covertly adding in.

Andrew

Thats BS! You cannot track a phone that is powered off (unless you have access to something local law enforcement does not). Unless your a fed or military and know something I don’t, , your lying.

RamsE39_E38

I work as an engineer for a massive telecom company who prides themselVes on their 4G LTE band A network… (a few hints there..) So indeed, I have access to things law enforcement and you do not. Law enforcement calls us when they need help all the time.

nico

Oh yes you can. Battery must be removed buddy.

bobo

Why would anyone buy a phone and service contract and never turn on the phone?????

me

Prepaid, only on when I need to call, which isn’t often.

slango20

point is the phone may be off, dead battery, off to save battery, etc

Caption Oblivious

get a faraday enclosure.

elt

I know guys that only make calls. Turn it on, make the call, turn it off…

johnnyjoeidaho

That’s a bigger waste of battery than keeping it on. Takes a lot of juice to power up the OS and all the hardware on a mobile phone.

yeah right

ummm no? my crappy old android would drain the battery after an hour or so if I left it on. turning it off and on gets me days between each charge… you are smoking something…

nsa can use your webcam, microphone, smartphone (even when off but with battery in), listen to calls/text….i read that we knew Orwellian society will come soon and that we will be under surveillance but we didn’t expect it that we ourselves will be installing all equipments for BiG Brother.

joe Knight

techs, yes, sure seems that way, so much for the land of the free…

Kusuriya

well some one else put it well “The greatest deception will be for governments to get people to pay for their own tracking devices.”

Cliff Stamp

Exactly. The very technology that has..or had…the potential to free us and inform us now will subjugate us and inform on us.

Bretware

Just for the record, Stingray can not put malware on your phone. It can recover calls made/received/length, location data, phone and phone card metadata like IMSI and IMEI numbers.

Caption Oblivious

yet all documents pretaining to STINGRAY are propriety intellectual property of HASERT the manufacturer.Any one using one has to sign a iron clad non-disclosure. That being onm the record, you likely have no idea what upgraded capabilities they may be shipped with or modifications made by unscrupulous 3rd parties.

Kyle Hamilton

Stingray can perform “baseband” attacks, among other thing to force a listening device to connect to and route all communications to it instead of (perhaps higher-strength) non-Stingray towers. The baseband chip is an entirely different chip, running an entirely different OS, and that OS is almost never actually updated. In addition, it’s closed-source and not the easiest thing to reverse-engineer.

The article references “baseband attacks”. These can perform memory corruption against the memory shared with the application processor. Unfortunately, it is well-documented how easy it is to perform them. We also know that NSA stockpiles 0-day vulnerabilities to use against targets and install malicious software.

The NSA actually has a closed-source OS available on every phone (including open-source phone OSes). I’m not saying that it would it need to run anything on the application processor at all, if it edited the baseband image in memory that would stay running until the phone was de-powered entirely.

Oshiro

So why do people keep saying that USA is a “free” country? Sounds more like a prison in reality.

Tyler

StingRay is a mobile system (small and portable in cars) able to be used in very short distances by police in vehicles. It is quite obvious these towers were built by the US military for monitoring activity around said bases, likely for protection and to intercept nearby malicious/approaching signals. Why else would they be ON the military bases?

Scott Fredericks

Why Else – to spy on the base, put up by intelegence agancies from other countries. But I agree probably US military.

Kyle Hamilton

Stingray’s range is dependent on the transceiver it is connected to, I believe.

The real question is, why would these towers be at South Point Casino in Las Vegas, which is as far away from Nellis Air Force Base as you can get in the Las Vegas Valley?

Jeff Schmidt

The government never seems to understand that as soon as you create back doors into devices or software to allow the government in, you are absolutely allowing malicious bad actors to exploit the back door. Sooner or later, the black hats will figure out how to exploit the backdoor, and WILL do so for fun and profit.

I, for one, wish we had a government more concerned with securing us than making us insecure.

Secret Squirrel

And you don’t think the government has done this for fun and profit? Not that Black hats should, either.

Caption Oblivious

they need to be less concerned with keeping us safe. that is what the second amendment is for….

L O

My Ex Father in-law owned an electronics company, Building medical devices, among other items ( not sure exactly what, other then the medical devices ) employed up to 100 people and had clients worldwide…. This man refused to own a home computer, or a smart phone. His company was ran just like any other company, complete with computers, and computer related machines ( pick-and-place ) that was necessary to run a successful company … But he refused to own a home computer, or a smart phone. To this day he still has an old flip phone as his cell phone, and resists upgrading to current technology.

Unproven because there is more than one possible source of this technology.
—
David Harley
ESET Senior Research Fellow
Small Blue-Green World

Caption Oblivious

not likely that these towers are rouge individuals based on location. Also the fact that the police are not investigating the mystery towers is another giveaway.

boomin

Trigger Fish Look it up

Bruce Lawrence Bergman

Hey, ESET: Search up “Stingray cell phone monitor” with special attention to the news:comp.dcom.telecom Usenet newsgroup.

The Feds have been doing it for years as well as certain Police Departments with deep pockets for buying toys. And they are very careful to keep the name out of court documents to avoid FOIA actions, and the manufacturers have managed to keep all the details secret and the repair and operating manuals classified too.

But then again, these aren’t being used against Choirboys, so don’t give away too many details. Just the fact they exist is enough to worry.

A lot of respondents seem to be assuming that these ‘towers’ are physical installations, but you’re correct in suggesting that they could be portable devices. (I’ve no insider knowledge of this issue, but I’d be surprised if they weren’t.) However, the use of fake base stations isn’t restricted to law enforcement or government agencies, or to the US.

Cliff Stamp

I have to wonder….how hard would it be for a foreign power to do something like this? It seems like it would be a bit crude for China or Russia…they have other means, but N. Korea? Just thinking aloud here. Not thinking along the lines of terrorists per se, rather true nations…or emergent nation states. Even a month or two of captured traffic would be invaluable….presuming the encryption could be cracked. Rambling. I need coffee.

bobdog19006

Seems like I recall an article suggesting that law enforcement buys access to a private database that tracks cellphone surveillance. Part of the contract reads like the movie Fight Club. You don’t talk about it or you lose your access. I’m not sure if this is part of stingray or not, but I remember reading the article.

One law enforcement agency that is known to be using Stingray is the city of Tacoma. Google “stingray cell phone tower”.

Ed_Luva

Man, this is a great story. Is anyone working on getting all locations of the domestically placed intercept towers? This new security literacy being required of the American people is pretty complex, but it’s like living in a spy novel. I’m in!

As several people have pointed out, these aren’t necessarily static installations.

simplulo

Has anyone tried surveilling the surveillors?

Mike Maus

You are not catching the drift…these systems are sniffing for hackers and providing a publicly untraceable back door into smartphone data systems. Your communications are completely under the control of unknown agents for secret purposes if someone is willing to spend lots of money.

Bruce Lawrence Bergman

‘Watching the Watchers’ is a good idea, I have radio scanners and a Radar/LIDAR Detector. BUT you are a Krill that wants to go dancing with a Whale – They can make you disappear and never even notice they did it.

You want to spend a few hundred grand on the specialized Cellular Spectrum Analyzer and Service Monitor gear to intercept the raw signals, and even more to get access to the lower-level data control signals they’re using for the hacks, you go right ahead.

Better bank a bunch for bail and lawyers, too. Murphy’s Law of Combat: Tracers Work Both Ways. They’ll see it when you start poking around, just like Massachusetts Cops with their VG2 Radar Detector Detector.

tB

So they sink tons of cash into the BS ‘War on Drugs’ but some assholes have the time & resources to build multiple towers in multiple places & got away with it & no one noticed multiple times? Something seems a bit off to me.No way this went down without someone getting paid off or knowing.. Where’s the NSA now? If they know so much how did they not catch or know of this, at least once.. or could it possibly be theirs?

Added a note. It will take some time for the amended version to propagate.

Austin Smith

You should probably replace the image, your entire article reeks of an advertisement for this android phone company, you use an image that is intentionally misleading to drum up more interest with a title saying “fake cell phone towers…” then you leave a note demonizing people for using the information you intentionally put in an article even after many people told you that using that image was misrepresenting the situation and yet it stays..8 hours later.

I’ve asked for the image to be changed. However, if anyone is being demonized here it’s me. I did not write the article, I did not choose the photograph, and I certainly have no interest in promoting that product or any other. What I did do was give my opinion that the original article was probably not about physical towers.

Jim

You may be correct that it is criminals, but knowing what NSA does openly now suggest that criminals would be caught quickly by NSA and other authorities (I call them criminals).

Common sense strongly suggest otherwise.

Law ‘n order

Apparently, these interceptors are fairly easy to detect. That being the case, I would expect that the various government agencies responsible for electronic security and counterintelligence would have and use the required detectors. Given that, any interceptor operating from one location for more than a few minutes at a time pretty much has to have “official” approval, especially when the operating location is on or near a military base, where electronic security can be expected to be intense.

Steve

Start to dismantle one of the towers. The owners will show up soon enuff.

I Live in Nevada and was in the Nevada National Guard. I find it interesting that the nevada guard only uses the South Point Casino for events. Also, the F-22 & the Predator drone were partly developed in Las Vegas (Area 51).

I believe these towers are used to track potential espionage attempts.

Rob Waugh is in the UK. I’m afraid he’s not in a position to go hunting fake towers in the US.

Lansman

Most comments here are from badly ill informed people. First, spend some time searching the net for OpenBTS. These so called “towers” could be in your back yard if you build one. cheap. Yes…. This is an alarmist article seemingly intended to drum up business. And to those who wrote about a hand set sending GPS signals! WTF would that do? Confuse other GPS devices? And ya ain’t gonna do that on a tiny battery. Lastly, it is interesting to think about hacking handset baseband. I suspect many modern cell phones operate as a SDR. There is not really a “baseband” chip. But there probably is a chip capable of doing a lot more than GSM and LTE.

Sixteanine

Scary. Zzzzzz

RickRussellTX

Mystery? Reveal where they are, and somebody will have city and county ownership records, construction permits, easement permits and electric bills inside of a business day.

These are probably not static installations. Hopefully, the company that flagged them will have notified a responsible agency rather than just issuing a press release.

Jim pin

This piece reads like an infomercial at times.

skad0000

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith. “Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.”

You’re assuming these are static installations. That isn’t necessarily the case.

fagtron

ahhh commander Data, we’ve been looking for you, the captain needs you on the bridge

tom

‘merica land of the free home of the fake towers

Dumitru Alin

apple owned i guess !

hans

Dont these towers need to send their stolen information somewhere? Isn’t it easy to check where they send the information to?

Alex Johnson

Oh I wish it were that simple. In the world of IT encryption is the name of the game and christ almighty it doesn’t get easier thanks to Moore’s Law. As as future SNA quite frankly I’m pissing my pants in regards to security and the issues the IT field face as well as myself included.

Certainly there’s doubt as to who is behind it. Mobile kit of this sort is used all over the world by law enforcement, government agencies, and criminals.

Mike Maus

“Criminals” would of course be users who law enforcement agencies don’t want to identify for private reasons like the blatant corruption of “Iran/Contra”, military communications security, banking system data security, or foreign espionage.

bedrockq

Lol…an advertisement disguised as a news story. People lap it up. The NSA is a big deal…..for people looking to exploit the fear generated by it!

The story does rather read like an ad for Cryptophone 500, but that doesn’t mean there’s no truth in it. I’m seeing a lot of assumptions about the NSA in the comments to this story, but no evidence either way.

Gary M.

Rob Waugh calling these groups of equipment “towers” AND posting a picture of an actual tower is idiotic. You’ll have some bubble heads thinking that they are physical antenna arrays somewhere in the open. They are not, in fact.

If there were actual physical towers it would not be a problem at all to track the builders and the users.

Not terribly misleading – they started out as portable units the size of a desktop computer, but when they can be found reliably in the same fixed locations over time odds are it’s some sort of semi-permanent install with a utility power feed.

In a large cabinet bolted to the back-side of a Digital Billboard disguised as part of the controls, inside a house or office suite with the antennas in the attic, etc. You could build an underground Controlled Environment Vault just like the Phone Company uses, but the locks on the hatch are different – Disguise the antennas as a “Micro-cell” on a nearby phone pole.

Might be in a customized van or car, but they take too much power to be far from an outlet or running alternator for long.

b23h

Wow, Mr. Bergman that’s quite an ability you have there. There is no doubt the statement “which look like ordinary towers” is deeply misleading. There is no indication that the “towers” are towers as physical objects as one normally uses the term and therefore the use of the word “look” is used only to mean that they are electronically indistinguishable from normal cell phone towers.

Whether or not these objects are portable or not is irrelevant or what their power source is as the likelihood is that they look nothing like towers.

Bruce Lawrence Bergman

The RF signals emitted by these ‘rogue cell towers’ look to the radio in your Cellphone like an ordinary tower by design – they are functionally blind, only listening to the data giving them commands.

Physically there are no such restrictions on “What a cell site looks like”, you have to develop a sixth sense of picking out the little details of a building and going “That looks unusual”.

You can only disguise an antenna array so far – they have to be up high with a clear shot in all directions, and a radio-transparent fiberglass cover if they’re imitating the building features in a “Bell Tower” or a suspiciously fat “Flagpole”. A trained eye can pick out most of the “Stealth Cell Site” style antennas. They can even be concealed inside large Neon Signs on buildings, behind the Plexiglas face.

I’ve seen commercial cell sites built into Clock Towers, Water Towers (they put the vertical panel antennas as the posts along the “walkway” handrails) Fire Station Hose Drying Racks, Billboards, and permanent shopping center signs all over the place – If it’s on a high point and has a clear view of a mile of Freeway or major highway in all directions, it’s a valuable location.

{EDIT: Oh, and Fake Pine Trees, Queen Palm and Date Palm Trees, and other greenery too. Works best when they plant a dozen real ones interspersed with the two or three fakes in a grove. But they have to keep the real ones pruned back or replaced often as they outgrow the steel ones.}

But that doesn’t tell you whether that antenna array is a legit Cell Carrier install, perhaps a Business Band repeater system, TV or Radio Remote repeater, or other legit gear – or one of these Stingrays set up semi-permanent. You need some really fancy electronics like a “DC to Daylight” spectrum analyzer – or your own Stingray – to find that out.

Or get up on the roof of the suspect building, where there’s a legally required warning sign telling you not to stand in front of the antennas without calling a certain phone number first – and the Cell Company will turn off the base station while you work. If you see antennas and don’t see that sign, be suspicious.

b23h

ACK!! Keep in mind you stated that “Seventeen mysterious cellphone towers have been found in America which look like ordinary towers” IS NOT misleading. Whether or not all cell phone towers look like the standard cell phone tower, the use of the term LOOK to only designate certain aspects of functional equivalence ignores the common usage of vision for a connotation and a perspective from the cell phone. “Look like ordinary towers” is poorly written and misleading.

American Patriot

Monitor these fake sites with a service monitor configured for W- CDMA/GSM, then look at the uplink and downlink signals. Most W-CDMA sites have baseband signals that are 3.84 MHz, wide. A fake tower site must also conform to industry standards, or they are of no use. Uplink frequencies are in the low 800 band, and downlink frequencies are in the upper 800 MHz. band to nearly 1.0 GHz. You can ignore the 900 ISM band completely, this is NOT used for any cellular systems in this nation.
UHF in the 400-500 MHz. range is also not used. 700/800 is comprised of trunked radio sytstems, so you see a lot of data channels squawking here.
Keep looking, the answers are there, you simply need to know where to look, and what to look for.

Ilya Simkhovich

i really started to hope that the government was listening to the ambient sounds in my living room almost TEN YEARS AGO. i think it’s funny if they have to listen to the movies i watch; i obsess and can watch something religiously when i get home from school and begin to relax so they would have ended up listening to “scarface”, “goodfellas”, “the stoned age” or the entire series of “the sopranos”, “seinfeld”, “oz” or “the simpsons” several times. what does it matter? the NSA doesn’t care about ANYTHING lower than a national security issue; they don’t care if you are talking about drug deals or even low level felonies that the FBI would love to know about because the FBI isn’t allowed to spy illegally to find felons. NONE of you, even bill gates, elon musk or whatever have ANY reason to worry about being spied on. even if they ARE recording the sound of your room through the mic, compressed and sent to the tower, you’re flattering yourselves to think that they care to hear you arguing with your spouse about which grocery store to go to or what stupid television you watch. get a life. just because they’re spying doesn’t mean you should feel paranoid. it’s not a crime to stare at someone on the street; it’s really not that bad for them to be watching you all the time. you 30 cameras watching you in a walmart… grow up.

Jarod Sholtz

What makes you think a human is listening?

I have a free app on my phone that listens to a song, and within a few seconds tells me what song it is, and gives me the lyrics. And it does this in a crowded bar full of loud drunks. A fake tower intercepting cell signals could do the same thing, but scanning for different keywords. If it matches, the conversation might be sent to a human.

Try saying something that the SS wouldn’t like in a phone call with someone, and see if they come knocking on your door. If they have to come all the way out to see you, chances are good that you won’t be treated kindly.

Exquisite Corpse

Actually if you were thinking about this ten years ago then maybe you’re familiar with the report, “Interception Capabilities 2000”? Its got a fun subtitle: “Report to the Director General for Research of the European Parliament (Scientific and Technical Options Assessment programme office) on the development of surveillance technology and risk of abuse of economic information.” It makes a great read to see just how far along the state of COMINT grade surveillance tech was nearly 15 years ago, its pretty impressive:http://www.cyber-rights.org/in…

Of course the kind of surveillance this infamous report speaks of would be the exact kind the NSA is supposed to be doing all these years: a full sweep of all inbound and outbound international communications connecting to our country – and all communications whether inside or outside our country where one endpoint is a foreign national.

But more importantly, those last 6 words of the title, “risk of abuse of economic information” suggest that at least as far back as 2000 when this report was being prepared the risk of abuse of economic information obtained by state-level actors was already well-known enough of a consideration for it to land in the title of this report.

In this context its not too difficult to imagine how a state-level actor might stand to benefit by giving unfair competitive advantage to its own corporations and allies when its COMINT surveillance activities detect economically significant communications (such as trade secrets) between foreign corporate entities otherwise un-allied to the state doing the surveillance.

And consider many of the laws under which our politicians and intel officials frequently have suggested Snowden be charged have stipulations like “aiding the enemy.” If the American citizenry really is the target of the recently outed domestic surveillance and not just communications where at least one endpoint is foreign connected in some way, then what is to say the dollar value of intercepted economic intelligence could not trump the kind of compartmentalization between intel agencies and LEO’s that you seem to suggest protects us from this?

Mike

Turn the power off to one of them and wait to see who comes to repair it !!

Is it bad that i don’t want to even google Cryptophone 500 to read more about what it is, even if i don’t want to buy one? Why does everything you do even with no ill intents have to be monitored?

Steve Low

These fake base station are just typical interceptors a.k.a stingray, most vendors are only interested to sell to law enforcement or large corporation which are willing to pay a lot for it.

Alternatively you can easily buy 1 from China(although the chinese government just banned public sale of these fake base station equipment recently, you can still easily source for one). Or if you are technically savvy enough, you can build 1 using some old motorola phones by using an open source baseband called OsmocomBB.

The “CryptoPhone 500″…while I do not have the details of the product, you do not need any ultra secret phone to detect such fake base stations. If you have ANY samsung galaxy S3 phone, just install this “IMSI Catcher Detector” android app (https://github.com/SecUpwN/Android-IMSI-Catcher-Detector)

Jmdintpa

DUH your very own US Government is doing it. Do you people really think you live in some free society. we are about as free as the ordinary russian. our government tells us what to eat , when to sleep, what to wear and what to watch on tv and the radio. the fear of terror after 9/11 pretty much did the country in. we gave up all freedom for fear. we have become so afraid i guess we really dont deserve to be free. we elected the people who put into place these towers, we elected a government who made the homeland security, we continue to elect people who only care of power and money. we really deserve all this because we allowed it.

Jim E

You must be in prison. Nobody’s ever told me what to eat, when to sleep, or what to wear and nobody ever will.

Sheep will be Sheep

Try buying some unpasteurized fresh milk.

Richard Kline

“Our government tells us what to eat” really? How about some proof.
“When to sleep” Really, so the government told me to sleep at 10:30pm last night after I was done reading the news.
“What to wear” WRONG.. my wife tells me what to wear… LOL… oh… yeah, she’s a secret government clothing agent.
“What to watch on TV/Radio” again… really? I have kids, I don’t get to watch TV. I hardly listen to the radio… oh… wait… I”m excercising free choice, but I’m actually being subliminally coerced into listening to the recording of the Chamber Choir I sing it… IT’S ALL A CONSPIRACY!

“As free as the ordinary russian” Do you actually know any Russians? I do….. I get a different feeling from them…

What a joke.

Richard Amodeo

Being that they are located at or around military bases leads me to believe that they (the government) are trying to intercept any possible terrorist communications related to attacks and spying of military installations. That of course is just a guess but it makes sense because military installations contain things terrorist would be interested in.

citizenx

A map with the locations of these towers should in the first sentence of this story.

they are mobile units normally, think a police stake out in a van listening to everything with huge dishes on top …these are basically vans that have installed software and hardware needed to intercept your voice/data and they can even ping back/upload keygen, viruses, spam, ect …they can keep getting your information this way using an online decoder that sends them transcripts of important sequences such as 16 digit CC numbers, bank numbers, if you purchase anything using your phone and it shows up on your bill they can steal the authorization key and charge money off your account and safely into a paypal account , that leads usually to a walmart prepaid card (GE Bank) , that is usually in a fake name…. Online/mobile security cost America around 20 billion per year, much more than all other types of theft combined. It’s a serious business with serious rewards and they are rarely caught, we don’t exactly have internet police so unless you pull string to get the FBI involved or they some how steal enough from one person to warrant the FBI’s involvement (like over 10 grand from one person, not several , one) then your local police are not trained to do anything about it. We need to form a new agency who governs these things but we can’t because that would require putting some legal standards on media,internet,data,and mobile usage and America already shot that down citing “don’t infringe on our Internet rights” when it had nothing to do with that. When this problem reaches closer to a few hundred billion maybe we will change our minds or maybe we will still btch about illegal immigration while ID thief’s bankrupt our country in ways even the most conservative, racist, obama hating person couldn’t imagine….The power of social media ruined something we could of solved years ago, OUR FREEDOM OF INTERNET SPEECH , lol nothing is free, either way we will pay.

I was referring to the collective ‘you’ of this site. My question was rather rhetorical seeing how you mentioned the author is in UK, and the only mentioned source is a cryptophone employee. Nice ad!

Reasonable assumption

Doesn’t anyone ever consider the fact that the people most interested in who is making calls around military bases would be someone like China or Russia, and NOT our own country?

Just because its in our country, doesn’t mean that our government did it. There are plenty of nations with the capabilities to do that. And to be honest, our government can care less about what 99% of us are doing every day, you’re just not that interesting and/or important.

winter32842

My money is on NSA and CIA.

transmitterguy

I’m a transmitter engineer and have noticed equipment “popping up” on previously vacated towers, with no specific signage of what they are. We were told that some towers have had a private internet antennas installed for banking use. Maybe these other towers are listening to the banks data?

Jim

There may be even more of these than we think since they now make communication towers that look like trees.

Elected by the People

It can cost up to a million dollars to build a cell site with all the logistics, equipment and personnel. The owners of the site is a matter of public record, the building has to be approved by a committee weather it is a state, city, county or tribal area. Tell me where these 17 cell towers are and I or anyone who knows how to the proper reseach which is not that hard as I said is public record and you will find out a little of who owns and pays for the land lease.

ThinkMn

Who and what are their purpose? Simple NSA once again. Of course they’ll claim they only use them for legitimate reasons and within the limits of the law – most of the time.

Time for me to upgrade my Android OS to the secure one obviously.

wkb123123

The thing that just doesn’t add up…
These are rogue, fake towers, supposedly constructed by scammers, with criminal intent, then why do we allow them to exist, to continue?

James Patrick

The communication privacy laws are out dated, they were created before the age of the internet and smart phones, what this means is land lines have rights and cannot be tapped without a court order, however wireless cell phones and smart phones were not around to be included in those protection laws which means police and government agency’s can at any time access your phone remotely and monitor all you do with it

Personally IDC if the powers that be want to intercept the lovey dovey messages and slightly inappropriate pics i send and receive let them get their jollies off I have nothing to hide and nothing worth stealing.

I just believe they really should find something better to do with their time and technology than use our tax $$$ to fund their peeping tom tendencies

fisharmor .

If you had a bazillion dollars in your lap and got told to go find terrorists, what are you going to do? Are you going to train and hire special ops teams to go overseas to places with 120 degree temperatures where there are actual terrorists, or are you going to stay home in your AC and invent some? One approach requires listening in on all phone conversations, and the other doesn’t.

ESD America

The CP500 features a baseband firewall that detects changes in the cellular network. Additionally it can detect when someone trys to send any data to the device. The firewall can identify the difference between OS Activity and Baseband Activity. Please feel free to contact us with any questions. info@esdamerica.com

Snarkattack

No one writes their legislators or votes (unless their guy is a sure winner) so we can do w/e we want. -authorities, criminals

me

The Mexican cartels do this in Mexico. They create their own towers to have their own frequencies. Hope its not them though.

dfhd

R U sure they aren’t Chinese?

Charles Batchelor

It’s really a no brainer, NSA.

mel adrama-matic

Just so you know. No special towers are needed. the actual cell towers can do all the fun stuff listed. as far as government tracking it’s people. FCC took care of that awhile ago. with the right radio equipment and know how anyone can assemble a similar device. for every technological convenience we gain, we are tet6hered to the grid. welcome to the matrix.

Andrew Godfrey

“There have been many comments to this story from people who are assuming that these ‘towers’ are physical installations. There’s no reason to assume this is the case.”

People are assuming that because in the first line of your article, you say:

“Seventeen mysterious cellphone towers have been found in America which look like ordinary towers.”

So, yeah. Get your story straight.

oregonlogger

Wow…what a surprise…Bazinga!

Derryk Amiker

It’s the Russians…..or Chinese they are out there watching listening and learning. Be afraid people

Bretware

If there was one at the South Point Casino, it very well could be organization crime

Charles Dallas

If we know they are fake towers just destroy them.

RampageBiking

FBI/CIA/DEA/ICE/ETC have had installations in cellular towers for as long as I can remember. This is nothing new. Source- I have worked in wireless for 15 years and have had all the above in my wireless switch when they come to fix their broken crap.

Peter van Hoof

I am not sure if these are factual but I would like to see a list of locations where they think these towers are. I am fairly sure that when accurate they will not remain published very long though.

It is already virtually impossible to find out which company operates a specific tower, signal strength nearby is not always a good indicator.

Evan Langlois

This is old information. The FBI admits to using these years ago http://www.wired.com/2011/11/feds-fake-cell-phone-tower/
The article mentions that the government claims there is no expectation of privacy over the airwaves. However, general voice communications are encrypted, and according to the DMCA (which makes playing a DVD under Linux or other non-approved devices a federal offense) the decryption of data without permission is illegal. I would say that this constitutes an expectation of privacy because the privacy of that data is protected by federal law! I wonder if the EFF has gotten in on this. The ACLU already has. I encourage everyone to support both the EFF and ACLU because these places exist to fight exactly this sort of abuse.

Yo_Its_Me

VERY HELPFUL LINK Evan, thanks!

Kris Shankar

If you want to avoid being snooped on, should buy a Windows phone? Not enough of them out there for the NSA to go through the effort of putting up towers to snoop on them…

grant

no doubt, it’s our over intrusive NSA at it again listening in on Americans.

FFdaisy

I find out the ‘fake’ cellphone towers report in China, everyone can download it here:. But it’s in Chinese, wish who can translate it into English!

PLEASE READ! It’s NOT a tower. Ignore the picture. Its a device that is detected by the phone as a tower. A tower “emulator”. Get it? You can’t walk up to it and pull the plug. It could be sitting in some guys trunk or in a van being driven around, or simply a tower to trace and route the cellular communications on a military base, which is VERY likely. The government stations wouldn’t be owned by Verizon or AT&T and wouldn’t be in the database of the app that is detecting the towers. No one is driving by a huge tower without an owner.

Markrod420

Their purpose is only a mystery if you continue to refuse to acknowledge the clear evidence that we have no privacy from govt or private industry and no protection from their collusion together. However if you choose to accept the obvious reality, that our govt and large corporations are deeply corrupt and working against us, its quite clear where these towers came from and how they are being used.

RickRussellTX

Mr. Harley, regarding the qualification you added to the article, why did you say:

> Seventeen mysterious cellphone towers have been found in America which look like ordinary towers

when, in fact, you have no idea what they look like? Why did you lead with the phrase “fake cellphone tower” and use a picture of a cell phone tower?

The article was written by Rob Waugh. I only added the clarification at the top.

Krasnaja Zvezda

So if these rouge “towers” are 2 way, why not get a spectrum analyzer and track them?

mtent57

They’re gray. If they were rouge they would be fairly easy to spot.

crolfe37@yahoo.com

ok so lets figure it this way…i watched a movie one time and they used a frequencie that attacked the grid….they know of 17 of these towers as of the date of this post….what if only takes 28 scattered around this country to cause an emp causing total destruction of everything electrical in the united states as it was in the movie….they should destroy these towers not monitor them to see there purpose…after all they are illegal and are probably owned be a foreign country…a loss of our grid for only 30 minutes would allow terrorists and enemies of the us to enter our country undetected

WinstonSmith2012

I suspect this may be very much ado about nothing. Mobile cell van supplements are used for capacity supplementation in high traffic areas and in emergency situations, like post-tornado or hurricane comm. It could be that the tendency for these vans to be located near military bases may be a “if it’s not deployed for an emergency, we might as well use it at its home station” philosophy, those vans being on the bases as part of some Homeland Security or FEMA emergency comm program.

Wrong. There should be much ado about intercepting phone calls and texts, because it is an unconstitutional breach of privacy. And illegal, for those of you that spit on the Constitution (that’s you, all you rightwing law-and-order nutjobs).

WinstonSmith2012

Most likely much ado about nothing. The claimed (in the PopSci article) tendency for these to be near military bases probably means these are mobile cell systems for emergency comm associated with DHS or FEMA that are used while not deployed for training with constant operation also providing fully “burnt-in” and known to be fully operational systems to be deployed to an emergency area (ex., hurricane) while providing the added benefit of supplementing cell coverage in their area when not deployed. Google – Cell on Wheels (COW).

Garandy

If they’re on military bases, they probably belong to the Cybersecurity arm of whichever service operates the base (For USAF, that’d be Cyber Command) – it’s entirely right and legal to monitor communications moving in and out of your bases as a means of investigating potential security leaks.

Jake Steele

So a casino is part of what branch of the military?

James D. Haskell

“[There have been many comments to this story from people who are assuming that these ‘towers’ are physical installations. There’s no reason to assume this is the case: it’s far likelier that they are mobile installations of the kind used not only by law enforcement and government agencies, but also by scammers and other criminals. (David Harley)]”

David Harley, did you read the first paragraph?

“Seventeen mysterious cellphone towers have been found in America which look like ordinary towers, and can only be identified by a heavily customized handset built for Android security – but have a much more malicious purpose, according to Popular Science.”

Yes. I was commenting generally, not attacking or defending the article.

BlondeArrow

Since the beginning of telecommunications, which both wireline and wireless, the ability to “eavesdrop” has ALWAYS existed. This began with the telegraph! If it wasn’t the “operator” who connected your calls (before switches were invented), it was the police or the FBI who were tracking suspects. Why did the US military recruit the Navajo Indians (i.e. “talkers”) to send messages in the Pacific vs the Japanese? The same “dangers” have always existed with the internet and e-mails. For some reason, many people want to believe that telecommunications, in this day and age, is different! It’s not. Let’s face it, if Russian hackers can access the private, encrypted, financial records of the major banks, why are people surprised that hackers can also access our personal communications?

sirald66

If they are installed by military bases, two thoughts come to mind.

Either they are foreign actors spying on the military.

Or it is the military spying on its self — trying to ferret out moles.

w w

Cut one of those towers down and you will find out who owns it real fast. Should be a lot of scrap metal in one of those things.

battling_ignorance

Anybody know where the map of these locations is?

J or Jefe

This story conveniently comes out two days after the huge celeb iCloud hackathon. Coincidence or no?

terry bigler

So again technology turns on us,,but it is not technology it is the criminals that subvert it..Whether it be for monitary gain or political interest the outcome is roughly the same.Want to be secure ,,whisper in someone’s ear..Best idea is to put no personal information into the ether and keep your business to yourself.It would not surprise me that many of these “snooper towers” are brought to you by the NSA,who seem to want to know everything about everybody.The other alternative is to be so useless as to be a waste of those people’s time,In that respect I have succeeded.

Moe Detale

Publish the LAC and CID for every antenna (CID) and associated mcentral office (LAC) facility. Certainly one can write an APP for knowing you are connected to the LAC and CID in question and alert you.

Jeremy Benghazi Barmore III

Hmmm who would want to spy on our phones, have the ability, and the authority? NSA maybe?

Keys Man 70

This is why I love tracphone. Buy a ten dollar phone open a account with a fake name using a rechargeable debit visa card under the fake name. Do what ever you want, when done dump the phone. And start all over.

I asked for the picture to be changed, and it has been. I agree that it wasn’t the best choice and may have misled some people, but that doesn’t justify the abusive tone of many of the comments made here. I don’t believe for a second that whoever chose it meant to mislead.

Gally

Wanna know who owns ’em? Drop the things to the ground and see who comes out to investigate.

Canadian

For all those people that think a simple CMOS battery will have enough power to transmit when the phone is off are wrong, the CMOS battery would have to power the components necessary for what ever needs to be transmitted which could be the GPS chipset, baseband, flash memory controllers, main board/audio board for microphones, etc. Eventually and extremely quickly the battery would drain out. If your battery is in the phone certainly the phone could be “playing dead” and could still transmit but you cannot track a phone that does not have power period. Anyone who tells you otherwise is trying to trick people into thinking that pulling your battery is useless when it certainly isn’t, this is why apple devices are made difficult to have their batteries removed but of course in that case DFU mode does prevent the baseband from operating due to being placed in a flash ready mode.

akj

Another stellar article! Do you ever completely read the sources you take from? What is a “baseband operating system”? Do you mean the baseband processor?

Also, these are not “extremely difficult attacks.” Encryption for cellular networks has been quite broken for a long time, and running a malicious cell was done by researchers in 2012 for $1,500, which, I suppose, means that Goldsmith’s “less than $100,000” is technically accurate.

Some important information is missing from this article. How does this cryptophone protect against these attacks? Have they reworked the kernel? What military bases are these cells operating in?

“baseband operating system” really gets me. That’s the kind of thing that lives on at cracked: “Five technobabble terms that show just how computer-illiterate tech reporters are”

Exquisite Corpse

See “The second operating system hiding in every mobile phone”, it explains how the baseband processor of a typical contemporary smartphone is sophisticated enough that it has its own firmware and operating system:

I stand corrected, and not just a little amazed that network interface device runs its own operating system.

Exquisite Corpse

The question is, just how true are the claims that the baseband subsystem side of the phone can function completely independently of the smartphone side of the phone? That sounds like an excellent platform for all sorts of surreptitious functionality easily put into the service of surveillance and apparently no phone antivirus software even knows about that portion of a modern phone.

I’ve also heard it claimed that among its featureset the baseband OS has the ability to issue surreptitious software updates to the smartphone side of the device. That sort of functionality would make it childs play to implement persistent malware of the “nsa catalog” variety.

L O

Sometimes your best security is backwards not forwards.. im going back to a flip phone

Stingray isn’t nearly as bad as cellular radar, which it is a lite form of. Not quite the same, but kinda in that direction. The real stuff can and will kill your ass. It provides, via matched computer, 3-d viewing and audio into your immediate environment. Completely without warrant. It’s used by your masters. It is called the beast. You can even build your own dirty units using microwave radar equipment. If you’re in USA, this mess is far deadlier and evil and Snowden’s geek tweek bullshit. This is your big brother, right there with ya, 24/7. Waterheads and Pensioners, all taxpayer funded gangs, use the shit wide open. Who will arrest them? They are protectors of the homeland. yeah. seig heil. Remember these terms, EYE and AURA. Wake up sheep.